Interpretation Conflict in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2025-12506

 

Interpretation Conflict in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2025-12506

Published: July 8, 2026


Vulnerability identifier: #VU137128
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-12506
CWE-ID: CWE-436
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
GitLab Enterprise Edition
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote user to cause the web interface to display content that differs from the content available for download.

The vulnerability exists due to improper handling of Git reference name resolution in tag or branch reference handling when resolving Git reference names. A remote user can create a repository with ambiguous references to cause the web interface to display content that differs from the content available for download.

User interaction is required to rely on the web interface content.


How to mitigate CVE-2025-12506

Install security update from vendor's website.

Sources